fix: [security] Fix reflected xss via unsanitized URL parameters

- As reported by an external pentest company on behalf of the Centre for Cyber security Belgium (CCB)
MISP · Mar 6, 2020 · 43a0757 · 43a0757
1 parent 3182790
commit 43a0757
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/app/View/Users/statistics_orgs.ctp b/app/View/Users/statistics_orgs.ctp
@@ -12,7 +12,9 @@
                 'external' => array('selected' => false, 'text' => __('Known remote organisations')),
                 'all' => array('selected' => false, 'text' => __('All organisations'))
         );
-        $types[$scope]['selected'] = true;
+        if (isset($types[$scope])) {
+            $types[$scope]['selected'] = true;
+        }
     ?>
     <h4><?php echo __('Organisation list');?></h4>
     <p><?php echo __('Quick overview over the organisations residing on or known by this instance.');?></p>